CHANGELOG.md

@@ -10,6 +10,18 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 
 
+<a name="v13.2.1"></a>
+## [v13.2.1] - 2020-11-12
+DOCS:
+- Clarify usage of both AWS-Managed Node Groups and Self-Managed Worker Groups ([#1094](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1094))
+
+ENHANCEMENTS:
+- Tags passed into worker groups should also be excluded from Launch Template tag specification ([#1095](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1095))
+
+BUG FIXES:
+- Don’t add empty Roles ARN in aws-auth configmap, specifically when no Fargate profiles are specified ([#1096](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1096))
+
+
 <a name="v13.2.0"></a>
 ## [v13.2.0] - 2020-11-07
 FEATURES:
@@ -196,7 +208,8 @@ TESTS:
 - remove unused kitchen test related stuff ([#787](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/787))
 
 
-[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v13.2.0...HEAD
+[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v13.2.1...HEAD
+[v13.2.1]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v13.2.0...v13.2.1
 [v13.2.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v13.1.0...v13.2.0
 [v13.1.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v13.0.0...v13.1.0
 [v13.0.0]: https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v12.2.0...v13.0.0

docs/faq.md

@@ -197,3 +197,9 @@ Reference the `--node-labels` argument for your version of Kubenetes for the all
 `worker_groups` are [self-managed nodes](https://docs.aws.amazon.com/eks/latest/userguide/worker.html) (provisions a typical "Autoscaling group" on EC2). It gives you full control over nodes in the cluster like using custom AMI for the nodes. As AWS says, "with worker groups the customer controls the data plane & AWS controls the control plane".
 
 Both can be used together in the same cluster.
+
+## I'm using both AWS-Managed node groups and Self-Managed worker groups and pods scheduled on a AWS Managed node groups are unable resolve DNS (even communication between pods)
+
+This happen because Core DNS can be scheduled on Self-Managed worker groups and by default, the terraform module doesn't create security group rules to ensure communication between pods schedulled on Self-Managed worker group and AWS-Managed node groups.
+
+You can set `var.worker_create_cluster_primary_security_group_rules` to `true` to create required rules.

examples/managed_node_groups/main.tf

@@ -112,6 +112,21 @@ module "eks" {
     }
   }
 
+  # Create security group rules to allow communication between pods on workers and pods in managed node groups.
+  # Set this to true if you have AWS-Managed node groups and Self-Managed worker groups.
+  # See https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1089
+
+  # worker_create_cluster_primary_security_group_rules = true
+
+  # worker_groups_launch_template = [
+  #   {
+  #     name                 = "worker-group-1"
+  #     instance_type        = "t2.small"
+  #     asg_desired_capacity = 2
+  #     public_ip            = true
+  #   }
+  # ]
+
   map_roles    = var.map_roles
   map_users    = var.map_users
   map_accounts = var.map_accounts

modules/fargate/outputs.tf

@@ -20,8 +20,10 @@ output "iam_role_arn" {
 
 output "aws_auth_roles" {
   description = "Roles for use in aws-auth ConfigMap"
-  value = [{
-    worker_role_arn = local.pod_execution_role_arn
-    platform        = "fargate"
-  }]
+  value = [
+    for i in range(1) : {
+      worker_role_arn = local.pod_execution_role_arn
+      platform        = "fargate"
+    } if local.create_eks
+  ]
 }

workers_launch_template.tf

@@ -456,7 +456,10 @@ resource "aws_launch_template" "workers_launch_template" {
           count.index,
         )}-eks_asg"
       },
-      var.tags,
+      { for tag_key, tag_value in var.tags :
+        tag_key => tag_value
+        if tag_key != "Name" && ! contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key)
+      }
     )
   }